06-25-18 – News This Past Week

Pwned with ‘4 lines of code’: Researchers warn SCADA systems are still hopelessly insecure
A presentation at last week’s BSides London conference by researchers from INSINIA explained how a device planted on a factory floor can identify and list networks, and trigger controllers to stop processes or production lines.
https://www.theregister.co.uk/2018/06/18/physically_hacking_scada_infosec/

China-based hackers burrow inside satellite, defense, and telecoms firms
An advanced hacking campaign originating in China has spent the past year infiltrating satellite operators, defense contractors, and telecoms companies in the US and Southeast Asia, researchers from Symantec said
https://arstechnica.com/information-technology/2018/06/china-based-hackers-burrow-inside-satellite-defense-and-telecoms-firms/

SCADA Hacking – Industrial Systems Woefully Insecure
It was ok before everything started getting wired up to networks, but with SCADA systems pre-dating the kind of security controls we need to stay safe, it’s hard to retrofit them

SCADA Hacking – Industrial Systems Woefully Insecure

NanoLock Launches Platform to Protect IoT Devices From Production Through End-of-Life
Cybersecurity start-up NanoLock Security today announced a new lightweight security platform designed to add security into the small connected devices better known as the internet of things, rather than to overlay security around those devices.
https://www.securityweek.com/nanolock-launches-platform-protect-iot-devices-production-through-end-life

Four New Vulnerabilities in Phoenix Contact Industrial Switches
Phoenix Contact has disclosed four vulnerabilities in switches in the FL SWITCH industrial line. The affected devices are typically used in automated processes at digital substations, oil and gas, maritime, and other industrial applications
https://www.darkreading.com/iot/four-new-vulnerabilities-in-phoenix-contact-industrial-switches/d/d-id/1332121

Thermostats, Locks and Lights: Digital Tools of Domestic Abuse
One woman had turned on her air-conditioner, but said it then switched off without her touching it. Another said the code numbers of the digital lock at her front door changed every day and she could not figure out why. Still another told an abuse help line that she kept hearing the doorbell ring, but no one was there

Rockwell Patches Flaw Affecting Safety Controllers From Several Vendors
In April, at SecurityWeek’s ICS Cyber Security Conference in Singapore, industrial cybersecurity firm Applied Risk disclosed the details of a serious denial-of-service (DoS) vulnerability affecting safety controllers from several major vendors. Rockwell Automation is one of those vendors and the company has now released patches for its products
https://www.securityweek.com/rockwell-patches-flaw-affecting-safety-controllers-several-vendors

Posted in Uncategorized.